A Hybrid Interface Recovery Method for Android Kernels Fuzzing

Title: A Hybrid Interface Recovery Method for Android Kernels Fuzzing
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Lu, Shuaibing, Kuang, Xiaohui, Nie, Yuanping, Lin, Zhechao
Conference Name: 2020 IEEE 20th International Conference on Software Quality, Reliability and Security (QRS)
Date Published: Dec. 2020
ISBN Number: 978-1-7281-8913-0
Keywords: Android security, composability, fuzzing, interface recovery, IoT security, Kernel, kernel fuzzing, Metrics, Operating Systems Security, pubcrawl, resilience, Resiliency, security, smart phones, software quality, software reliability, static analysis
Abstract: Android kernel fuzzing is a research area of interest specifically for detecting kernel vulnerabilities that may allow attackers to obtain root privilege. The number of Android mobile phones is increasing rapidly, along with explosive growth in the number of Android kernel drivers. Interface-aware fuzzing is an effective technique for testing the security of kernel drivers. Existing research relies on static analysis of kernel source code. In practice, however, millions of Android mobile phones run kernels whose source code is not publicly accessible. In this paper, we propose a hybrid interface recovery method for kernel fuzzing that can recover kernel driver interfaces regardless of whether the source code is available. In the white-box setting, we employ a dynamic interface recovery method that automatically and completely identifies the interface knowledge. In the black-box setting, we use reverse engineering to extract the key interface information and similarity computation to infer argument types. We evaluate our hybrid algorithm on 12 Android smartphones from 9 vendors. Empirical results show that our method can effectively recover interface argument lists and find Android kernel bugs. In total, 31 vulnerabilities were reported under white-box and black-box conditions. The vulnerabilities were responsibly disclosed to the affected vendors, and 9 of the reported vulnerabilities have already been assigned CVEs.
Citation Key: lu_hybrid_2020